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(54) Method of generating authentication-enabled electronic data 



(57) In an authentication-enabled electronic data 
generating method, strict authentication of the genuine- 
ness of electronic data is enabled, and the genuineness 
is visually expressed to users of electronic data. A dig- 
ital signature is appended to authentication information 
for authenticating an electronic mark B 112 such as a 
Web page 109, a trademark or the like, and then the 
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authentication information with the digital signal is 
embedded as an invisible digital watermark into an elec- 
tronic mark A 1 1 1 . Thereafter, the electronic mark A 11 1 
which visually expresses the genuineness is embedded 
as a visible digital watermark into the electronic mark B 
112. 



FIG. 5 
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Description 

BACKGROUND OF THE INVENTION 

1. Field of the Invention s 

[0001 ] The present invention relates to a technique of 
enabling authentication of genuineness of electronic 
data by using image data, and particularly to a tech- 
nique of enabling strict authentication of genuineness of io 
electronic data and also visually expressing genuine- 
ness of electronic data on the basis of an image repre- 
sented by the image data. U.S. Patent Applications 
Serial Nos. 09/090.419 and 09/144.989, Japanese Pat- 
ent Application No. Hei- 10-2268^ and Japanese Pat- is 
ent Application No. Hei-1 0-24471 9 are applications 
which are relevant to this application. 

2. Description of Related Art 

20 

[0002] A technique called "digital signature" has been 
conventionally known as a technique enabling authenti- 
cation of authenticity of electronic (digital) data. 
[0003] The digital signature technique, developed to 
guarantee the authenticity of electronic data, combines 25 
public key cipher technology with one-way property 
functions. 

[0004] In this technology, a pair of keys, a private key 
S and a public key V which satisfy g (f (n, S) V) = n and 
KQ (n. V). S) = n. is created first, where n represents so 
data, and f and g represent functions. These formulae 
mean that data encrypted with the private key S may be 
decrypted by with the put>lic key V and that, conversely, 
data enaypted with the public key V may be decrypted 
with the private key S. It should also be noted that it is 35 
virtually impossible to find the private key S from the 
public key V. 

[0005] Once the private key S and the public key V are 
created, the aeator passes the public key V to a partner 
and holds the private key S privately. 
[0006] When the key creator sends data to the part- 
ner, the creator passes data to which a digital signature 
is attached. This digital signature is created by evaluat- 
ing data with a predetermined one-way property func- 
tion and then enaypting the resulting evaluation value 
with the private key S. 

[0007] The one-way property function descrbed 
above can calculate an evaluation value from data, but 
it is impossible to virtually calculate the original data 
from the evaluation value. In addition, It is necessary for 
the one-way property function used in creating a digital 
signature to return a unique bit string for each piece of 
unique data; that is, the probability of the function 
returning the same bit string to two or more pieces of 
data must be very small. An example of such functions 
is a one-way hash function which evaluates data and 
returns a bit string as the evaluation value of the data. 
The evaluation value h(D) calculated by the one-way 



hash function is called the hash value of D. where h is 
the one-way hash function and D is data. 
[0008] Upon receiving data to which a digital signature 
is attached, tiie receiving partner evaluates the data 
with the one-way property function to obtain an evalua- 
tion value and then checks if tiie evaluation value 
matches the value generated by decrypting the digital 
signature using the public key V. When they match, it is 
verified that the digital signature was created by the 
holder of tiie private key S con^esponding to the put)Iic 
key V and that the digital signature is for the data tiiat 
was received. 

[0009] Beskles, tiiere has been conventionally known 
a WWW system with a WWW (World Wide Web) server 
program and a Browser program, which uses a publicly- 
open network such as Internet or the like. 
[001 0] The WWW system is composed of at least one 
WWW server on which a WWW server program for pub- 
lishing information runs and at least one client terminal 
on which a browser program for browsing published 
information runs. Data is transferred between the WWW 
server and the client terminal via the communication 
protocol called HTTP (Hyper Text Transfer Protocol). 
[001 1] To publish information on the WWW server, a 
server user must create a Web page containing data to 
be published. This page contains text data, irmge data, 
audio data, video data, and link data to other Web 
pages, all interconnected using a structure desaiptlon 
language called HTML (Hyper Text Markup Language). 
Then, the user stores this Web page in a location (direc- 
tory) in the WWW server so that it may be accessed 
from other computers (client terminals or otiier WWW 
servers). 

[001 2] To browse a published Web page from a client 
terminal using a browser program, a terminal user must 
type the URL (Uniform Resource Locator) of the Web 
page. Then, the Web page is sent from the WWW 
server to the client terminal. The text data, image data, 
and video data of tiie Web page are displayed on tiie cli- 
ent terminal screen. Audio data, if included in the page, 
is produced from the speaker connected to the client 
terminal. 

[001 3] TTie recent trend Is that the WWW system like 
this is used not only as the communication means but 
also in business. One such application is an electronic 
commerce system which provides the user witii infor- 
mation on goods using this WWW system. 
[0014] In such an electronic commerce system, most 
vendors include into their web pages the image data, 
such as the logos of credit card companies, to allow the 
user to instantiy select one of various payment meth- 
ods. This is similar to a real-world (not a world such as 
tiie Internet) store where the logos of tiie credit card 
companies are put up on tiie counter or in ttie show win- 
dow. 

[0015] Sometimes, a Web page may also contain 
image data, such as logo marks indicating the Web 
page creator or an authentic individual or organization 
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which has authorized the Web page, to allow a Web 
page user to instantly ascertain who has created the 
Web page or that the Web page has been authorized by 
the authentic individual or organization. 
[001 6] Further, as a technique of embedding infonma- s 
tion into innage data is known a digital watermark tech- 
nique disclosed In IBM System Journal Vol. 35, No. 3 & 
4, 1996. pp. 313-336, According to this technique. Infor- 
mation is embedded into image data so that variation of 
an image pattern represented by the image data cannot io 
be visually recognized and the information embedded in 
the image data cannot be separated from the image 
data. The digital watermark technique with which the 
embedded information cannot be visually recognized 
from the image pattern represented by the image data is 
having the information embedded therein is called as an 
"invisible digital watermark technique". 
[0017] According to such an invisible digital water- 
mark technique, it is expected that Illegal use of image 
data can be prevented by embedding identification infor- so 
mation of a manufacture or distributor into image data. 
[0018] Furthermore, a digital watermark technique 
disclosed in U.S. Patent No. 5,530,759 is known as a 
technique of imitating traditional watermark for image 
data. According to this technique, the brightness of the 2S 
image data represented by a specifk; image pattern is 
varied in accordance with a watermark image pattern 
representing information to be embedded to thereby 
generate image data which represents the specific 
image pattern and also represents slightly the water- so 
mark image pattern. In this case, it is impossible to sep- 
arate the original specific image pattern and the 
watermark Image pattern from the vvatermark embed- 
ded image data thus generated. Such a digital water- 
mark technique that the embedded information can be 35 
visually recognized from the image pattern represented 
by the information-embedded image data is called as a 
"visible digital watermark technique**. 
[0019] According to such a visible digital watermark 
technique, the visibility of an original image pattern is 40 
prevented from being greatly damaged by the image 
pattern represented by the image data in which informa- 
tion is embedded, and an image pattern representing a 
manufacturer, a distributor or the like can be presented 
so as to be visually recognizable. 45 

gUMMARY OF TH^ INVENTION 

[0020] According to the technique of enabling the gen- 
uineness of electronic data to be authenticated by the so 
digital signature, it Is so bothersome that not only the 
electronic data, but also the digital signature and the 
electronic data must be managed In combination with 
each other. Since the digital signature is invisible, the 
genuineness of the electronic data cannot be directly ss 
and visually expressed to a user of the electronic data. 
[0021 ] On the other hand, according to the technique 
containing a logo mark Into a Web page, since the logo 



mark can be simply copied and illegally used, it cannot 
be said that the genuineness of the electronic data can 
be authenticated by the logo mark 
[0022] Therefore, an object of the present invention is 
to enable the strict authentication of the genuineness of 
electronic data and visually express the genuineness of 
the electronic data for users of the electronic data. 
[0023] In order to attain the above object, according to 
the present invention, there is provided a method of 
generating authentication-enabled electronic data, 
comprising the steps of: embedcfing digital-signature 
appended authentication information for authenticating 
the electronic data as an Invisible digital watermark Into 
a first image and applying a visually-recognizable alter- 
ation to the first image data embedded with tiie tnvisit)le 
digital watermark to generate a second image; and 
inserting tiie second Image into the electronic data to 
generate tiie autiienticatlon-enabled electronic data. 
[0024] According to the authentication-enabled elec- 
tronic data generated by the above method, the genu- 
ineness of tiie electronic data can be strictiy 
authenticated by the digital-signature appended 
authentication information embedded as the invisilDle 
digital watermark. Furtiier. a desired mark such as a 
ti'ademark or tiie like can be displayed by the second 
Image contained In the display of the authentication- 
enabled electronic data, and the genuineness of elec- 
tronic data which cannot be perfectiy represented by 
only the normal display of a mark such as a trademark 
or the like can be visually represented by tiie alteration 
applied to the second Image. 

DESCRIPTION OF THE DRAWINGS 

[0025] 

Rg. 1 is a block diagram showing a configuration of 
a genuineness authentication system for digital 
contents according to a first embodiment of tiie 
present Invention; 

Rg. 2 is a block diagram showing a configuration of 
a mark-pasted content creating device according to 
tiie first embodiment of the present invention; 
Rg. 3 is a block diagram showing a configuration of 
a content authentication device according to the 
first embodiment of the present invention; 
Rg. 4 Is a block diagram showing a configuration of 
an electi-onic computer usable to Implement tiie 
mark-pasted content creating device and tiie con- 
tent authentication device according to the first 
emlxdiment of the present invention; 
Fig. 5 Is a diagram showing a processing of the 
mark-pasted content creating device according to 
tiie first embodiment of the present invention; 
Rg. 6 is a ftowchart showing a procedure of the 
operation of tiie mark-pasted content creating 
device according to the first embodiment of the 
present Invention; 



so 



3 



BNSDOOD: <EP 0982927A1_I_> 



5 



EP0982 927 A1 



.6 



Fig. 7 is a flowchart showing a procedure of the 
operation of the content authentication device 
according to the first entbodiment of tiie present 
invention; 

Fig. 8 is a flowchart showing a procedure of the 
operation of the mark-pasted content creating 
device according to a second embodiment of tiie 
present invention; 

Fig. 9 is a diagram showing a processing of the 
niark-pasted content creating device according to 
the second embodiment of the present invention; 
Fig. 10 is a flowchart showing a procedure of the 
operation of tiie content authentication device 
according to the second embodiment of the present 
invention; 

Rg, 11 is a diagram showing a processing of the 
mark-pasted content creating device according to a 
third embodiment of the present invention; 
Rg. 12 is a block diagram showing a configuration 
of the content autiientication device according to a 
fourth embodiment of the present invention; 
Rg. 13 is a flowchart showing a procedure of the 
operation of the mark-pasted content creating 
device according to the fourth embodiment of the 
present invention; 

Rg. 14 is a diagram showing a processing of the 
mark-pasted content creating device according to 
the fourth embodiment of tiie present Invention; 
Rg. 15 is a fbwchart showing a procedure of the 
operation of tiie content authentication device 
according to the fourth embodiment of tiie present 
invention; and 

Rg. 16 is a diagram showing a processing of the 
mark-pasted content creating device according to a 
f iftti embodiment of the present inventk>n. 

DETAILED DESCRIPTION OF THE PREFERRED . 

EMBODIMENTS 

[0026] Preferred embodiments according to the 
present invention will be described hereunder with refer- 
ence to the accompanying drawings. 
[0027] A first embodiment of the present invention will 
be described by applying the present invention to a case 
where genuineness of a web page can be authenticated 
by electronic data. 

[0028] Fig. 1 shows a configuration of a genuineness 
autiientication system of a digital content according to 

the first embodiment of the present invention. 
[0029] As shown in Fig. 1, tiie genuineness authenti- 
cation system of the digital content comprises a mark- 
pasted content generating device 100 and a content 
check device 200. 

[0030] The mark-pasted content generating device 
100 comprises an operating unit 102 and a storage unit 
103, as shown in Fig. 2. 

[0031 ] The operating unit 1 02 comprises an input/out- 
put unit 104 serving as an input/output interface to the 



external, an information insertion unit 106 for executing 
various processing such as digital signature processing, 
invisible digital watermark processing and visible digital 
watermark processing to generate an information- 

5 appended electronic mark in which authentication infor- 
mation is embedded, a mark pasting unit 107 for pasting 
tiie Information-appended electronic mark to tiie con- 
tent, and a comroller 105 for controlling tiie operation of 
ttiese processing. In tiie storage unit 103 are stored a 

10 content 1 09 whose genuineness is to be authenticated, 
authentication information 110 containing, feature infor- 
mation on tiie content (for example, URL of tiie content), 
Information on an authentication source, effective term 
information, etc.. private (secret) key information 108 of 

75 the authentication source for creating a digital signa- 
ture, a mark part A 1 1 1 and a mark part B 1 1 2, informa- 
tion-appended electironic mark 113, a mark-pasted 
content 114 obtained by pasting tiie information- 
appended elecb*onic mark 1 13 to tiie content 109. 

20 [0032] The content check device 200 conprises an 
operating unit 202 and a storage unit 203 as shown in 
Fig- 3- 

[0033] The operating unit 202 comprises an input/out- 
put unit 204 serving as an input/output interface to the 

25 external, a mark cut-out unit 206 for cutting out tiie infor- 
mation-appended etectronk; mark portion from tiie 
mark-pasted content, an infomiation extraction unit 207 
for extracting digital-signature appended authentication 
information as exti^action information from the informa- 

30 tion appended electronic mark, a digital signature check 
unit 208 for checking the digital signature of the extrac- 
tion Information and the autiientication information, a 
genuineness expression information selecting/compos- 
ing unit 209 fa generating result notification Information 

35 on tiie basts of the check results of tiie signature and 
the autiientication infomnation, and a controller 205 for 
controlling the operation of these processing. In the 
storage unit 203 are stored a mark-pasted content 210, 
a content 211 separated/extracted from the mark- 

40 pasted content 210. an Information-appended elec- 
tronic mark 212, fraction information 213. a public 
(open) key 214 of an authentication source to decrypt 
tiie digital signature, a check result 21 5 of the digital sig- 
nature and the extraction authentication information, 

45 and genuineness expression Information 216 as frame 
display information of a check result notification of the 
signature and the authentication information. 
[0034] Here, as shown in Fig. 4. the mark-pasted con- 
tent generating device 100 and tiie content check 

50 device 200 can be built up in an electi-onic computer 
having a general construction which includes a CPU 
301 . a main memory 302. an external storage device 
303a serving as a hard disc device, anotiier external 
storage device 303b. a communication controller 304. 

55 an input device 305 such as a keyboard or a pointing 
device and an output device 306 such as a display 
device. 

[0035] In this case, the operating unit 1 02 of ttie mark- 
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pasted content generating device 100 and each part of 
the operating unit 102 are implemented as processes 
embodied on the electronic computer by executing pro- 
grams loaded into the main memory 302 by the CPU 
301. in this case, the main memory 302 and the exter- 
nal storage devices 303a and 303b are used as the 
storage unit of the mark-pasted content generating 
device 100. Ukewise, the operating unit 202 of the con- 
tent check device 200 and each part of the operating 
unit 202 are implemented as processes embodied on 
the ^ectronic computer by executing programs loaded 
into the main memory 302 by the CPU 301 . In this case, 
the main memory 302 and the external storage device 
303a and 303b are used as the storage unit 203 of the 
content check device 200. 

[0036] The programs which are loaded into the main 
memory 302 and executed by the CPU 301 to construct 
the mark-pasted content generating device 100 and the 
content check device 200 on the electronic computer 
are stored in the external storage device 303a in 
advance, and they are loaded to the main memory 302 
and executed by the GPU 301 as occasion demands. 
Alternatively, the progran^ may be directly loaded from 
a portable storage medium 307 through the external 
storage device 303b handling a portable storage 
medium 307 such as CD-ROM or the like and then exe- 
cuted by the CPU 301 as occasion demands. Or. the 
programs may be temporarily installed from the portable 
storage medium 307 through the external storage 
device 303b handling a portable storage medium onto 
the external storage device 303a such as a hard disc 
devrce, and then loaded to the main merTK)ry 302 and 
executed by the CPU 301 as occasion demands. 
[0037] The mark-pasted content generating device 
100 may be built up on the electronic computer in which 
an editor program for creating Web pages is actuated, 
in this case, the mark-pasted content generating device 
100 shown in Fig. 2 m^ be implemented as a process 
of plug-in software supplying a function to the process 
of the editor program. In this case, the process of the 
plug-in software is started from the process of the editor 
program, and the process of the editor program takes a 
Web page under edition as a content and carries out the 
processing of the mark-pasted content generating 
device 100 as described later to create as a mark- 
pasted content a Web page to which an information- 
appended electronic mark is attached. The pasting of 
the information-appended electronic mark to the Web 
page is performed by inserting the description of URL of 
the information-appended electronic mark into the 
HTML description of the Web page by using a (IMG 
SROtag. 

[0038] The content check device 200 may be built up 
on the electronic computer in which a browser program 
to browse the Web page is actuated. In this case, the 
content check device 200 shown in Fig. 3 may be imple- 
mented as the process of the piug-in software supplying 
the function to the process of the browser program. In 



tills case, when ttie display of the information-appended 
electronic mark in the Web page is selected by the user, 
the process of the plug-in software is started from the 
process of the kxowser program, and the browser pro- 

5 gram cuts out tiie information-appended electronic 
mark selected by the user white setting the Web page 
under display as a mark-pasted content and tiien per- 
forms tiie processing of the content check device 200 
described later to generate and display the genuine- 

to ness expression information 216 as frame display infor- 
mation of tiie check result notification of the signature 
and tiie autiienticatk>n information. 
[0039] Next, the operation of tiie genuineness authen- 
tication system of the digital content according to the 

75 first embodiment will be described by applying this 
embodiment to a case where the content 1 09 whose 
genuineness is to be authenticated is a Web page of an 
electronic shopping on the Internet shown in Fig. 5. 
[0040] Rrst. tiie operation of the mark-pasted content 

20 generating device 1 00 wilt be first described. 

[0041 ] Fig. 6 shows the procedure of the processing 
executed by the mark-pasted content generating device 
100. 

[0042] Rrst, the content 109. tiie authentication infor- 
ms mation 110 including content information (URL of the 
content), authentication source information (Merchant 
A) and mark effective term information (19xx/yy/xx). tiie 
authentication source private key 108 for digital signa- 
ture, and a mark part A (Merchant A) 1 1 1 and a part B 
30 112 are beforehand stored in tiie storage unit 1 03. 
[0043] When the input/output unit 104 receives an 
infomiation-appended electronic mark creating request, 
the contn:)ller 1 05 actuates the information insertion unit 
106. 

35 [0044] The information insertion unit 106 thus actu- 
ated first calculates the hash value of tiie authentication 
information 110. encrypts the hash value with the pri- 
vate key 108 to generate a digital signature and adds it 
to the authentication information 110, tiiereby creating 

40 tiie autiientication information 403 witii the digital signa- 
ture of Rg. 5 (step 501). Subsequentiy, the authentica- 
tion information 403 with the digital-signature is 
embedded in an unseparable and invisible digital water- 
mark style into the mark part A 1 1 1 representing partial 

45 infomiation (for example, autiientication source) of tiie 
authentication information (step 502). Thereafter, tiie 
mark part A 11 1 is embedded into the mark part B (for 
example, trademark) 1 12 in a digital watermark style 
which is separat>le tiirough the inverse conversion 

50 processing and visualized (for example, visualizing dig- 
ital watermark using brightiiess information), thereby 
generating information-appended electronic mark 113 
(step 503). This is because the mark part A 1 1 1 is set as 
a certification display for tiie genuineness in which tiie 

55 authentication information is visualized. 

[0045] Here, tiie invisible digital watermark means a 
digital watermark obtained by embedding information 
as a digital watermark so tiiat the content of information 
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to be embedded cannot be visually recognized, and the 
visible digital watermark means a digital watermark 
obtained by embedding an image as a digital watermark 
into another image so that an image pattern of the 
image to be embedded can be visually recognized. The 
inverse-transform separable watermark style means a 
watermark style in which information is watermarked by 
a specific brightness conversion processing and then 
an image embedded as the digital watermark can be 
separated by the inverse conversion processing. 
[0046] Subsequently, the controller 105 actuates the 
mark pasting unit 107, and the mark pasting unit 107 
pastes the information-appended electronic mark 113 
to the content 109 by defining URL of the file of the Infor- 
mation-appended electronic mark (for example, a URL 
of GIF file) in an image tag of HTML, thereby generating 
the mark-pasted content 114 (step 504). 
[0047] Next, the operation of the content checkdevice 
200 will be described. 

[0048] Fig. 7 shows the procedure of the operation of 
the content check device 200. 
[0049] Here, the mark-pasted content 210 and the 
public key 214 of the mark authentication source are 
beforehand stored in the storage device 203. Upon 
receiving a check request through the input/output unit 
204 when the mark-pasted content 210 is displayed by 
the browser program described above, the controller 
204 actuates the mark cut-out unit 206. 
[0050] The mark cut-out unit 206 thus actuated cuts 
out the information-appended electronic mark 212 from 
the mark-pasted content 210 (step 601), and the con- 
troller 204 actuate the information extraction unit 207. 
[0051] The information extraction unit 207 separates 
and extracts from the information-appended electronic 
mark 212 the mark part A 1 1 1 which has been embed- 
ded as a visifc)le digital watermark through the inverse 
conversion (step 602), and extracts as the extraction 
information 213 the digital-signature appended authen- 
tication information which has been inserted in the mark 
part A 1 1 1 as an invisible digital watermark (step 603). 
The controller 205 actuates the digital signature check 
unit 208. 

[0052] The digital signature check unit 208 checks the 
genuineness and reasonability of the mark-pasted con- 
tent 210 on the basis of the coincidence between the 
hash value of the authentication information of the dig- 
ital-signature appended authentication information and 
the hash value calculated by decrypting the digital sig- 
nature of the digital-signature appended authentication 
infomnation with the public key 214, the coincidence 
between the content information (URL) contained in the 
authentication information of the digital-signature 
appended authentication information and the informa- 
tion (URL) of the mark-pasted content 210 and the 
effectiveness of the effective term contained in the 
authentication information of the digital-signature 
appended authentication information, and generates a 
check resuH (OK/NG) 215 (Step 604). 



[0053] Finally, the controller 205 actuates the genuine- 
ness expression information selecting/composing unit 
216, generates the genuineness expression information 
216 (for example, a check result text message) to dis- 
5 play the check result (OK/NG) 215, and then outputs it 
to the input/output unit 204 (step 605). 
[0054] The foregoing description is made on the first 
embodiment 

[0055] As described above, according to the first 
10 eni)odiment, the genuineness of a main electronic 
mark such as a trademark or the like and a content can 
be expressed to be visually recognizable by the pres- 
ence or absence of a sub-electronic mark which is 
embedded as a visible digital watermark in the main 
IS electronic mark, and also the genuineness can be 
strictly authenticated by the digital-signature appended 
authentication information which is embedded as an 
invisible digital watermark in the main electronic mark 
such as a trademark or the like. 
20 [0056] Next, a second embodiment of the present 
invention will be desaibed. 

[0057] According to tiie second embodiment, the fol- 
lowing modifications are rriade on the processing of cre- 
ating the information-appended electronic mark V'S 

25 wrfnich is executed by the information insertion unit 1 0fJ 
of the mark-pasted content generating device 100 of tne 
first embodiment and the processing of extracting the 
extraction information 213 from the Information- 
appended electronic mark212 in the information extrac- 

30 tion unit 207 of the coment check device 200. 

[0058] Fig. 8 shows the procedure of the processing 
executed by tiie mark-pasted content generating device 
100. 

[0059] In this embodiment the information insertion 

35 unit 1 06 creates the digital-signature appended authen- 
tication information 403 of Fig. 9 in the same manner as 
the first embodiment (step 501). Subsequently, the dig- 
ital-signature appended authentication information 403 
is embedded into the mark part A 1 1 1 (for example, a 

40 trademark) as an unseparable and invisible digital 
watermark (step 502), and then a mark part B 112 
which has the transparent background and represents 
partial Information (for example, an authentication 
source) of the authentication information is superposed 

45 on the mark part A 111 to generate an information- 
appended electronic mark 113 having a two-layer struc- 
ture (step 1201). The information-appended electronic 
mark 113 thus generated is an image in which the 
image pattern of the mark part A 1 1 1 appears in most of 

so tfie background portion of the mark part B 112. The 
mark pasting unit 107 pastes the information-appended 
electronic mark 113 to the content 109 to generate a 
mark-pasted content 1 1 4 (step 504). 
[0060] When the mark part B is overlakl on and 

55 pasted to the mark part A 1 1 1 in which the digital-signa- 
ture appended autiientication information as described 
above is embedded, the following process is performed. 
[0061 ] That is, an HTML description in which tiie con- 
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tent of a table containing the mark part A 1 1 1 in which 
the digital-signature appended authentication informa- 
tion 403 is embedded as a background image is set as 
the mark part B 112 is created. In this case, the mark 
part B 112 is embedded is assumed as a transparent 
GIF file. The description of the table as described above 
is inserted into the HTML description of a Web page. 
[0062] Fig. 10 shows the procedure of the operation of 
the content check device 200 according to the second 
embodiment. 

[0063] As shown in Fig. 10. in this processing, the 
information-appended electronic mark 212 is cut out 
from the mark-pasted content 210 as In the case of the 
first embodiment (step 601). The information extraction 
unit 207 removes the mark part B from the information- 
appended electronic mark 212 to separate and extract 
the mark part A 111 (step 1301), and extracts as the 
extraction information 213 the digital-signature 
appended authentication information which is inserted 
as an invisible digital watermark into the mark part A 
111 (step 603). As in the case of the first embodiment, 
the digital signature check unit 208 checks the genuine- 
ness and reasonability of the mark-pasted content 210 
(step 604). and the genuineness expression information 
selecting/composing unit 216 genei^ates the genuine- 
ness expression information 216 (for example, a check 
result text message) and outputs it from the input/output 
unit 204 (step 605). 

[0064] The above-described second embodiment may 
be implemented in the following mode. 
[0065] That is, the information extracting unit 207, the 
digital signature check unit 208 and the genuineness 
expression information selecting/composing unit 216 of 
the content check device 200 are provided as extension 
programs of the server program on the WWW server 
whicH makes the Web page (mark-pasted content 114) 
on the Internet. The other portions of the content check 
device 200 are provided as the plug-in programs of the 
browser programs browsing the Web page at the client 
side at which the browser program runs. 
[0066] The WWW server sets at least the mark part A 
111 embedded with the unseparable and invisible digital 
watermark serving as the background image of the 
table in a no-cache indication mode (a mode of indicat- 
ing prohibition of storage of data into local cache of a cli- 
ent) by a proper program through CGI and feeds the 
Web page (mark-pasted content 114),. The direct 
access to the mark pgrt A 111 embedded with the 
unseparable and invisible digital watermark serving as 
the background image of the table by the client Is 
rejected by the proper program through CGI. 
[0067] Accordingly, the client cannot copy the mark 
part A 1 1 1 embedded with the unseparatrfe and invisi- 
ble digital watermark serving as the background image 
of the table by using a normal copying procedure, and 
thus an unauthorized person who accesses the mark- 
pasted content 114 as a client can be prohibited from 
illegally copying and using the mark part A 1 1 1 . 



[0068] On the other hand, at the client side, the plug- 
in program actuated from the browser program requests 
to the Web server the check of the information- 
appended electronic mark 212 indicated by the user on 

5 the Web page. The extension program on the server 
program on the Web server receiving the request 
checks the genuineness and reasonability of the Web 
page (mark-pasted content 114) from the infonnation- 
appended electronic mark 212 on the Web server as 

10 described alcove, generates the genuineness expres- 
sion information (for example, check result text mes- 
sage) and then outputs it to the client. The plug-in 
program of the browser program at the client skle dis- 
plays it. 

75 [0069] The foregoing description is made on the sec- 
ond embodiment of the present invention. 
[0070] As described above, according to the second 
embodiment, the genuineness of the electronic mark 
such as a trademark or the like and the content can be 

20 expressed so as to be visually recognizable by the pres- 
ence or absence of the display of an electronic mark 
having a transparent background which is overlaid on 
the electronic marK and also the genuineness can be 
strictly authenticated on the basis of the digital signa- 
ls ture appended authentication information which is 
embedded as an invisible digital watermark into an elec- 
tronic mark such as a trademark or the like. Further, by 
supplying an electronic mark such as a trademark or the 
like to a client in the no-cache indication mode 

30 described above, the copying of the electronic mark can 
be prevented, and thus illegal use can be prevented. 
[0071 ] Next, a third embodiment of the present inven- 
tion will be described hereunder. 
[0072] In the third embodiment, the following modif ica- 

35 tions are made to the processing of creating the infor- 
mation-appended electronic mark 113 executed by the 
infonnation insertion unit 106 of the mark-pasted con- 
tent generating device 100 of the first embodiment, and 
the processing of extracting the extraction information 

40 21 3 from the information-appended electronic mark 212 
in the Information extraction unit 207 of the content 
check device 200 of the first embodiment. Further, in 
place of the mark part B 1 1 2, mark genuineness/type 
indication brightness/chroma (color) information 1403 is 

45 beforehand stored in the storage unit 103 of the mark- 
pasted content generating device 100, and mark genu- 
inenessAype indication brightness/chroma information 
1404 Is beforehand stored in the storage unit 103 of the 
content generating device 100. 

50 [0073] As shown in Fig. 11, the mark genuine- 
ness/type indication brightness/chroma information 
1403. 1404 defines the corresponding relationship 
tDetween the authentication type and the bright- 
ness/chroma value contained in the authentication Infor- 

55 mation 110, and the mark genuineness/type Indication 
brightness/chroma information 1403 and the mark gen- 
uineness/type indication brightness/chroma information 
1404 have the same content. 
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[0074] In the third embodiment, the information inser- 
tion unit 106 of the mark-pasted content generating 
device 100 embeds the digital-signature appended 
authentication information 403 obtained by adding the 
digital signature to the authentication information con- 
taining an authentication type (for example, position cer- 
tification) in an invisible digital watermark style into the 
mark part A 111 (trademark) at a cfifferential portion 
between predetermined brightness/color and the bright- 
ness/chroma of the mark part A 1 1 1 so that at least a 
part of the mark part A 111 has the brightness/chroma 
(for example, red color for position certification in case 
of trademarl^ corresponding to the authentication type 
indicated by the mark genuineness/type indication 
brightness/chroma information 1403 to the extent that it 
can be visually recognized by the human, thereby gen- 
erating the information-appended electronic mark 1 13. 
[0075] The information extraction unit 207 of the con- 
tent check device 200 extracts as the extraction infor- 
matk)n the digital-signature appended authentrcation 
information 214 which is embedded as an invisible dig- 
ital watermark in the information-appended electronic 
mark 212. At this time, it may be checked whether the 
brightness/chromaticities of at least a part of the infor- 
mation-appended electronic mark 212 as described 
above is the brightness/color registered in the mark 
genuinenessAype indicatton brightness/chroma infor- 
mation 1404. and then the check result may be dis- 
played. 

[0076] As described above, according to the third 
emtxxJiment, the genuineness of the electronic mark 
and the content or the type of the genuineness can be 
expressed so as to be visually recognizable by the 
brightness/color of the electronic mark such as a trade- 
mark or the like, and also the genuineness can be 
strictly authenticated by the digital-signature appended 
authentication information embedded as an invisible 
digital watermark. 

[0077] The following modifications may be made to 
the third embodiment. 

[0078] That is. the brightness/color which is varied to 
the extent that the human cannot visually perceive to 
the brightness, color used in the electronic mark A is 
registered in association with the authentication type in 
the mark genuineness/type indication bright- 
ness/chroma information 1403, 1404, and it is embed- 
ded as an invisible digital watermark at this brightness, 
color potion. Specifically, the brightness/color whose 
variation is perceived as white t>y the human is regis- 
tered. This brightness/color is embedded at a white por- 
tion of the electronic mark A, whereby the content check 
device 200 can recognize the authentication type on the 
basis of the brightness/color of the information- 
appended electronic mark and makes it invisible to the 
human. This method may be used to classify many elec- 
tronic marks in accordance with the authentication type 
on the basis of the brightness/color thereof. 
[0079] The foregoing description is made on the third 



embodiment. 

[0080] Next, a fourth errtbodiment of the present 
invention will be described. 

[0081 ] The fourth embodiment is similar to that of Fig. 

5 2 In the construction of the mark-pasted content gener- 
ating device 100, however. It is different In the process- 
ing of creating the information-appended electronic 
mark 113 which is executed by the Information insertion 
unit 107. The content check device 200 according to the 

10 fourth embodiment has the construction shown in Rg. 
12. That is. the construction of the content check device 
200 according to the fourth embodiment is substantially 
the same as the construction of the content check 
device shown in Rg. 3. however, it is different in that a 

IS display operation unit 220 is provided to the operating 
unit 202. 

[0082] First, the operation of the mark-pasted content 

generating device 100 will be described. 

[0083] Fig. 13 shows the procedure of the operation of 

20 the mark-pasted content generating device 100. The 
procedure of creating the information-appended elec- 
tronic mark 113 executed by the information insertion 
unit 107 as shown in Fig. 13 will be described. 
[0084] As shown In Fig. 14, the information insertion 

25 unit 1 06 first contains the data of the mark part A 1 1 1 
into the authentication information 110 (step 801). Here, 
the mark part A Is a perfect mark (for exanple, a pertec:t 
trademark) or a tally Impression type mark which is a 
divisional part of a perfect mark and constitutes the per- 

30 feet mark when it is combined with the other divisional 
mark B 1 12. The information Insertion unit 107 creates 
the digital-signature appended authentication Informa- 
tion 403 added with the digital signature of the authenti- 
cation information containing the electronic mark A 1 11 

35 (step 501). Subsequently, the digital-signature 
appended authentication information 403 is embedded 
into the mark part B 1 12 In an unseparable and invisible 
digital watermark style to generate the information- 
appended electronic mark 113 (step 802). The mark 

40 pasting unit 1 07 pastes the information-appended elec- 
tronic mark 113 to the content 109 to generate the 
mark-pasted content 1 14 (step 504). 
[0085] Next, the operation of the content check device 
100 will be described. 

45 [0086] Fig. 1 5 shows the procedure of the operation of 
the content check device 100. 
[0087] The mark cut-out unit 206 first cuts out the 
information-appended electronic mark 212 from the 
mark-pasted content 210 (step 601). The digital-signa- 

50 ture appended authentication information embedded as 
an invisible watermark is extracted as the extraction 
information 214 from the information-appended elec- 
tronic mark 212 by the inforniation extraction unit 207 
(step 901). 

55 [0088] Here, when a prior strict check request is set in 
advance (step 902), the digital signature check unit 208 
checks the genuineness and reasonability of the mark- 
pasted content 210 on the basis of the coincidence 



8 



15 



EP 0982 927 A1 



16 



between the hash value of the authentication tnfomna- 
lion of the digital signature appended authentication 
information, the hash value calculated by decrypting the 
digital signature of the digital signature appended 
authentication information and the public key 214, the 5 
coincidence between the content information (URL) 
contained in the authentication information of the digital 
signature appended authentication inlbrmation and the 
information (URL) of the mark-pasted content 210 and 
the effectiveness of the effective term contained in the 10 
authentication information of the digital signature 
appended authentication information (step 604). If the 
check result is NG (step 903). the genuineness expres- 
sion information selecting/composing unit 216 gener- 
ates genuineness expression information 216 (for 75 
example, check result text message) for displaying the 
check result (NG) 215. and outputs it from the input/out- 
put unit 204 (step 605). If the check result is OK (step 
903). the display operating unit 220 picks up the elec- 
tronic mark A contained In the authesTtication infontia- 20 
tion. If the electronic mark is a perfect type mark, the 
electronic mark A is displayed on the Web page in place 
of the electronic mark B. On the other hand, if the elec- 
tronic mark is a tally impression type mark, the elec- 
tronic mark A is combined with the electronic mark B to 25 
display the perfect type mark on the Web page. 
[0089] On the other hand, when no prior strict check 
request is set (step 902. 906). the display operating unit 
220 picks up the electronic mark A contained in the 
authentication information. If the electronic mark is a 30 
perfect type mark, the electronic mark A is displayed on 
the Web page in place of the electronic mark B. If the 
electronic mark is a tally-impression type mark, the 
electronic mark A and the electronic mark B are com- 
bined with each other to display the perfect type mark ss 
on the Web page. Thereafter, the digital signature check 
unit 208 checks the genuineness and reasonabiiity of 
the mark-pasted content 210 on the basis of the coinci- 
dence between the hash value of the authentication 
information of the digital signature appended authenti- 40 
cation information and the hash value calculated by 
decrypting the digital signature of the digital signature 
appended authentication Information with the public key 
214, the coincidence between the content information 
(U RL) contained in the authentication information of the 45 
digital signature appended authentication information 
and the information (URL) of the mark-pasted content 
210 and the effectiveness of the effective term con- 
tained in the authentication information of the digital sig- 
nature appended authentication information (step 604), so 
and the genuineness expression information select- 
ing/composing unit 216 generates the genuineness 
expression information 216 (for example, check result 
text message) for displaying the check result (OK/NG) 
215 and outputs it from the input/output unit 204 (step 55 
605). 

[0090] The foregoing description is made on the fourth 
embodiment of the present invention. . 



[0091] As described above, according to the fourth 
embodiment of the present invention, when no prior 
strict check request is set, the genuineness of an elec- 
tronic mark such as a trademark or the like and a con- 
tent or the type of the genuineness can be expressed so 
as to be visually recognizable by checking whether the 
electronic mark is displayed in a perfect style or not, and 
the genuineness can be stnctly authenticated by the 
digital-signature appended authentication information 
which is embedded as an invisible watermark. Further, 
when a prior strict check request is set, the strict 
authentication result of the genuineness can be indi- 
cated by checking whether an electronic mark such as a 
trademark or the like is displayed in a perfect style or 
not. 

[0092] Next, a fifth embodiment according to the 
present invention will be described. 
[0093] As shown in Fig. 1 6. the fifth ennbodiment of the 
present invention is designed so that the electronic 
mark B 1 12 of the fourth embodiment is a perfect type 
mark (a trademark or the like), the electronic mark A is 
a mark representing genuineness (for example, a valid- 
ness mark) and the electronic mark A is displayed in 
place of the electronic mark B in step 905 of Fig. 15. 
[0094] According to the fifth embodiment of the 
present invention, when no prior strict check request is 
set. the genuineness of the electronic mark and the con- 
tent or the type of the genuineness can be expressed so 
as to be visually recognizable by checking whether the 
validness mark is displayed or not. and the genuineness 
can be strictly authenticated by the digital-signature 
appended authentication information embedded as an 
invisible watermark. On the other hand, when a prior 
strict check request Is set. the strict authentication result 
of the genuineness can be indicated by the valkiness 
mark. 

[0095] As described above, according to the present 
invention, the genuineness of the electronic data can be 
strictly authenticated, and the genuineness can be visu- 
ally expressed to the users of the electronic data. 

Claims 

1. A method of generating authentication-enabled 
electronic data, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating the elec- 
tronic data as an invisible digital watermark into 
a first image and subjecting the first Image with 
the invisible digital watermark to a visually-rec- 
ognizable alteration to generate a second 
image; and 

inserting the second image into the electronic 
data to generate the authentication-enabled 
electronic data. 

2. A method of generating authentication-enabled 
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electronic data, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating elec- 
tronic data as an invisible digital watermark into 
a first image to generate a second image; 
embedding the second image as a visible dig- 
ital watermark into a third image to generate a 
fourth image: and 

inserting the fourth image into the electronic 
data to generate the authentk;atton-enabled 
electronic data. 

3. A method of generating authentication-enabled 
electronic data, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating elec; 
tronic data as an invisible digital watermark into 
a first image to generate a second image; 
superposing the second image and a third 
image on each other so that the image pattern 
of the third image and the image pattern of the 
second image are visually recognizable, 
thereby generating a fourth image having a 
double-layer structure: and 
inserting the fourth image into the electronic 
data to generate the authentication-enabled 
electronic data. 

4. A method of generating authentication-enabled 
electronic data, comprising the steps of : 

embedding digital-signature appended authen- 
tication information for authenticating elec- 
tronic data as an invisible digital watermark into 
a first image so that the brightness or chroma- 
ticities of the image has a predetermined visu- 
ally-recognizable characteristic. thereby 
generating a second image: and 
inserting the second Image into the electronic 
data to generate the authentication-enabled 
electronic data. 

5. A method of generating authentication-enabled 
electronic data, comprising the steps of: 

embedding digital-^gnature appended authen- 
tication information for authenticating elec- 
tronic data and first image data as an invisible 
digital watermark into a second image to gen- 
erate a third image: and 
inserting the third image into the electronic 
image to generate the authentication-enabled 
electronic data. 

6. A method of generating an authentication-enabled 
Web page to be supplied from a Web server to a cli- 



ent, conprising tiie steps of: 

embedding digital-signature appended authen- 
tication information for authenticating a Web 
page as an invisible watermark into a first 
image to generate a second image; 
superposing a third image having a transparent 
portbn on the second image thus generated to 
generate a fourth Image having a double-layer 
structure; 

inserting the fourth image into tiie Web page to 
generate tiie authentication-enabled Web 
page; and 

describing as processing of said Web server a 
description of supply of the Web page contain- 
ing the fourtii image to the client when the cli- 
ent accesses the authentication-enabled Web 
page, and a description of non-supply of tiie 
second image when the client directiy 
accesses the second image. 

7. A metiiod of checking the authentication-enabled 
electronic data generated by tiie method as 
claimed in claim 4, comprising the steps of: 

measuring tiie brightness or chromaticities of 
the second image contained in the authentica- 
tion-enabled electi'onic data; and 
checking whether the brightness or chromatici- 
ties thus measured has tne predetermined 
characteristic, and outputting tiie check result. 

8. A metiiod of displaying tiie authentication-enabled 
electronk; data generated by tiie method as 
claimed in claim 5. conprising the steps of: 

extracting the data of the first image embedded 
as the digital watermark from the tiiird image 
contained In the authentication-enabled elec- 
tronic data; and 

including the display of the first image repre- 
sented by the first image data extracted or ttie 
combined display of the display of the first 
image and the display of the third image in tiie 
display of tiie autiientication-enabled electronk; 
data in place of the display of the tiiird image. 

9. A method of authenticating the autiienticatiorbena- 
bled electronic data generated by the method as 
claimed in claim 5 and displaying a check result, 
comprising tiie steps of: 

authenticating the electronic data by using 
authenticatbn information and a digital signa- 
ture embedded as a digital watermark in tiie 
third image contained in the autiientication- 
enabled electronic data; and 
extracting the data of the first image embedded 
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as a digrtai watermark from the third image 
contained in the authentication-enabled elec- 
tronic data when the electronic data can be 
authenticated; and 

including the display of the first image repre- 
sented by the first image data extracted or the 
combined display of the display of the first 
image and the display of the third image in the 
display of the authentication-enabled electronic 
data in place of the display of the third display 

10. An authentication-enabled electronic data generat- 
ing device for generating authentication-enabled 
electronic data comprising: 

means for embedding digital-signature 
appended authentication information for 
authenticating electronic data as an invisible 
digital watermark into a first image and subject- 
ing the first image with the invisible digital 
watermark to a visually-recognizable alteration ' 
to generate a second image; and 
means for inserting the second image into the 
electronic data to generate a mark-pasted elec- 
tronic data as the authentication-enabled elec- 
tronic data. 



10 



IS 



20 



25 



digital watermark to a visually-recogniza- 
ble alteration to generate a second image; 
and 

means for generating as the authentica- 
tion-enabled electronic data mark-pasted 
electronic data obtained by inserting the 
second image Into the electronic data, and 



said electronic 
includes: 



data authentication device 



means for performing a display operation 
containing tiie display of tiie second image 
of the authentication-enabled electronic 

data; and 

means for authenticating the authentica- 
tion-enabled electronic data on the basis of 
tiie digital-signature appended authentica- 
tion information which Is extracted from the 
second image and embedded as a digital 
watermark. 



11. A storage medium in which a program to be read 
out and executed by an electronic computer is 
stored, wherein: 30 

said program makes said electronic computer 
execute: 

a step of embedding digital-signature 35 
appended authentication information for 
authenticating the electronic data as an 
invisible digital watermark into a first 
image, and generating a second Image 
which has been subjected to a visually-rec- 40 
ognizable alteratton; and 
a step of inserting the second image into 
tiie electronic data to generate the authen- 
tication-enabled eiecti-onic data. 

45 

12. An autiientication system for autiienticating elec- 
tronic data, comprising an autiientication-enabled 
electronic data generating device and an electronic 
data authenticating device, wherein: 

so 

said authentication-enabled electronic data 
generating device includes: 

means for embedding digital-signature 
appended authentication information for 55 
authenticating electronic data as an invisi- 
ble digital watermark into a first image and 
subjecting the first image with the invisible 
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FIG. 6 
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CONVERSION 
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